navigating-chatgpt-history
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No high-severity security issues were detected. The skill consists of Python scripts designed to parse and render local JSON and ZIP files containing chat histories. All file operations are performed based on user-provided arguments or within the agent's virtual memory file system (MemFS).
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted external data in the form of chat history exports (conversations.json, memories.json).
  - Ingestion points: The scripts inspect-export.py, search-conversations.py, and render-conversation.py read data from user-provided export paths.
  - Boundary markers: The skill does not implement specific delimiters or warnings to the agent when rendering chat content into Markdown.
  - Capability inventory: The skill possesses the ability to read and write files on the local filesystem and manage the agent's long-term memory (MemFS).
  - Sanitization: No sanitization or filtering of the chat message content is performed before it is rendered into prompts for the agent. While this presents an attack surface for indirect prompt injection, it is a functional requirement of the skill and the risk is considered low within the context of analyzing chat archives.